Jim Beard, University of Oregon
Lightning Talk on IdM from Rearview Mirror
at Access Management CAMP in Philadelphia June 15, 2009
Implemeted IdM from Sun, which is very feature rich. Some aspects didn't get enough attention in the design and implementation phase of the IdM project.
Since there was a short time in implementation phase, look and feel was sometimes sacraficed for functionality.
One of challenges is "dirty" user interfaces.
Now the number of people looking at the admin side of system has grown. The team had originally assumed only one or two people would be looking at it. It turns out that systems and network systems folks wanted to look at it. More training has been neeed.
Thec access management implementation pulled curtain back on some of the business processes in place (Banner, etc.)
It became clear people weren't always getting forms in on time.
There were issues when someone can't get to their account because someone is on vacation.
A lot of improvements have occurred in business processes.
- allowing people to claim their accounts sooner
- Being able to communicate w incoming students is important. The university has been bumping that timeline to an earlier date each year. Now by May students can claim accounts for entry in fall.
People have accounts set up before coming to campus events
- Account management in general has improved
- Visible audit trail now exists for a lot of events and IdM life cycle
In summary, we replaced a home-grown system that had been around for 15 years. It was klugy and there was no audit trail. Putting out fires was hard.
Q: One of the challenges in extending life cycle is working w security office
How do you work this out to let students access resources before the University has seen a student?
A: our security team has given us advice on best practices. But other than that they are hands off. So we haven't dealt w them on a continual basis, just as needs arise.
Q: How is student identity established originally?
A: Most done thru registration. Using Banner. They get a pac and access code
When they identify themselves originally they use univ ID and Banner PAC code
We rely on fact they got letter sent to them.
Q: How does that data get into Banner?
A: According to processes of previous schools. There is a whole IdM process that happens there, data coming in from thousands of places. It's an art of admissions that manages to figure out who people are. Relies on paper mail.